2014-02-25 19:48 GMT+08:00 Salvatore Orlando <sorla...@nicira.com>:

> I understand the fact that resources with invalid tenant_ids can be
> created (only with admin rights at least for Neutron) can be annoying.
>
> However, I support Jay's point on cross-project interactions. If tenant_id
> validation (and orphaned resource management) can't be efficiently handled,
> then I'd rather let 3rd party scripts dealing with orphaned and invalid
> resources.
>
> I reckon that it might be worth experimenting whether the notifications
> sent by Keystone (see Dolph's post on this thread) can be used to deal with
> orphaned resources.
> For tenant_id validation, anything involving an extra round trip to
> keystone would not be efficient in my opinion. If there is a way to perform
> this validation in the same call which validates the tenant auth_token then
> it's a different story.
> Notifications from keystone *could* be used to build a local (persistent
> perhaps) cache of active tenant identifiers. However, this would require
> reliable notifications, as well as appropriate cache management, which is
> often less simple than what it looks like.
>
> Salvatore

Thanks for your explanation and suggestion, Salvatore. I still think it's a problem that we should handle in OpenStack or outside (through what you said, say 3rd party scripts). Maybe we could add some content to the wiki or docs? Any ideas?

--
Lingxian Kong
Huawei Technologies Co., LTD.
IT Product Line CloudOS PDU
China, Xi'an
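
A sketch of the notification-fed cache of active tenant identifiers discussed in this thread, added here as an example and not code from either poster or from OpenStack. The class, its method names and `max_age` are assumptions; the `identity.project.created` / `identity.project.deleted` event types and the `resource_info` payload key follow Keystone's basic notification format. A periodic full resync stands in for the "reliable notifications" requirement.

```python
import time

# Keystone basic notifications: event_type is identity.<resource>.<operation>
# and payload["resource_info"] holds the id of the affected resource.
CREATED, DELETED = "identity.project.created", "identity.project.deleted"

class TenantCache:
    """Local set of active tenant ids: notifications plus periodic full resync."""

    def __init__(self, max_age=300.0, clock=time.monotonic):
        self.active, self.synced_at = set(), None  # None: never synced
        self.max_age, self.clock = max_age, clock  # max_age is an assumed policy knob

    def resync(self, tenant_ids):
        """Load an authoritative tenant listing; this repairs missed notifications."""
        self.active, self.synced_at = set(tenant_ids), self.clock()

    def handle(self, note):
        """Apply one notification; anything but project create/delete is ignored."""
        tenant_id = note.get("payload", {}).get("resource_info")
        if tenant_id and note.get("event_type") == CREATED:
            self.active.add(tenant_id)
        elif tenant_id and note.get("event_type") == DELETED:
            self.active.discard(tenant_id)

    def check(self, tenant_id):
        """'valid', 'invalid', or 'unknown' when the cache is too stale to reject."""
        if tenant_id in self.active:
            return "valid"  # a missed delete event keeps this answer until resync
        stale = self.synced_at is None or self.clock() - self.synced_at > self.max_age
        return "unknown" if stale else "invalid"

    def orphans(self, resources):
        """Ids of resources whose tenant_id the cache can confidently call invalid."""
        return [r["id"] for r in resources if self.check(r["tenant_id"]) == "invalid"]

if __name__ == "__main__":
    # Constructed sample data, not taken from the thread.
    cache = TenantCache()
    cache.resync(["t1", "t2"])
    cache.handle({"event_type": DELETED, "payload": {"resource_info": "t2"}})
    ports = [{"id": "port-a", "tenant_id": "t1"}, {"id": "port-b", "tenant_id": "t2"}]
    print(cache.orphans(ports))
```

Returning `unknown` instead of `invalid` once the last resync is older than `max_age` keeps a stale cache from rejecting a tenant whose creation event was lost.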